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@ Independent external security module for a digitally upgradeable television signal decoder. 

(§) A decoder for descrambting encoded satellite transmissions comprises an internal security module 
and a replaceable security module. The program signal is scrambled with a key (704) and then the key 
itself is twice-encrypted (710 J 15) and multiplexed (732) with the scrambled program signal. The 
decoder (708) performs a first key decryption u^ng the second secret serial numt»er (SSN2) stored 
within the decoder (712). The paitially decrypted key is then further decrypted by the replaceable 
security module (714) using the first secret serial number (SSN^) stored within the replaceable security 
module (717). The decoder then descrambles (708) the program using the twtee-decrypted key. The 
replaceable security module (714) can be replaced, allowing the security system to be upgraded or 
changed fdfcwing a system t>reach. E^er security rrKMlule may become the active security module to 
finally decrypt the seed, selectable by a signal transmitted from the encoder (721). 

Also disclosed is a method for transmitting (1284) the encrypted keys and seaet serial numbers to a 
phjratity of broadcasters (1286) who may rn tum nmjltiplex ths signal with their own program signals so 
that any given channd received by a subscriber (1289) contains the key and secret serial numbers. 
Additionally, the decoder (1306.1390) may be upgradeable to accept both analog and digital vUeo 
agnals without signrfk^nt redundant circuitry. 
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BACKGROUND OF THE INVENTION 

1. Field of the Invention 

5 The present invention relates generally to the field of scrambling and transmission systems and more specl- 
ficaliy, to an external security module for a television signal decoder of a broadcast, satellite, or cable television 
transmission system. Additionally, the present invention is more specifically directed to a method of transmitting 
subscriber infomnatbn to subscription television signal distributors and methods for converting a television sig- 
nal decoder to accept digital television signals. The present invention has particular application for B-type Mul- 

10 tiplexed Analog Component (B-MAC) satellite transmission, but may also be used for NTSC (National 
Television Standards Committee), PAL. SECAM, or proposed high definition television fonnats. In addition, the 
scrambling system of the present Invention can be used in applications in related fields such as electronic bank- 
ing networks, telephone sv^f itching systems, cellular telephone networks, computer networks, etc. The system 
has particular application to so-called " conditional-access ' multichannel television systems, where the viewer 

15 may have access to several "basic" channels, one or more "premium" or extra-cost channels as well as "pay- 
per-view" or Impulse pay-per-view" programs. 

2. Description of the Relevant Art 

20 In a pay television system, a pay television service provider typically protects the signal from unauthorized 
subscribers and pirates through scrambling. 

For ttie purposes of the following discussion and this invention, ttie tenn "subscriber" means one who is 
paying for the televfeion service. The "subscriber" could thus be an individual consumer with a decoder in his 
own home, or could be a system operator such as a local cable TV operator, or a small network operator such 

25 as a Hotel/Motel operator virith a central decoder for all televisions in the Hotel or Motel. In addition, the "sub- 
scriber" could be an industrial user, as described in U.S. Patent 4,866,770 assigned to the same assignee as 
the present application and incorporated herein by reference. 

For tiie purposes of this invention, a network is defined as a program source, (such as a pay television 
provider), an encoder, (sometimes called a "headend "), a transmission means (satellite, cable, radio wave. 

30 etc.) and a series of decoders used by the subscribers as described above. A system is defined as a program 
source, an encoder, a transmission means, and a single receiving decoder. The system model is used to de- 
scribe how an individual decoder in a network interacts with tiie encoder 

The scrambling process is accomplished via a key which may itself be encrypted. Each subscriber wishing 
to receive the signal is provided with a decoder having an kjentification number which is unique to the decoder. 

35 The decoder may be individually authorized with a key to descramble the scrambled signal, provided approp- 
riate payments are made for service. Authorization is accomplished by distributing descramWing algorithms 
which woric in combination with the key (and other infonmation) to paying subscribers, and by denying that in- 
formation to non-sut>scribers and to all would-be pirates. 

The key may be transmitted as a data signal embedded in the normal televisbn transmission associated 

40 with the identification number of the decoder. In a typical television signal, there are so-called "vertical blanking 
intervals" (VBI) occunrtng in each field and "horizontal blanking intervals" (HBI) occurring in each line between 
the chrominance and luminance signals. Various other signals can be sent "in-band" in the vertical and hori- 
zontal blanking intervals including additional audk) channels, data, and teletext nmssages. The key can be 
embedded in these "blanking intervals" as is well known in ttie art Attention is drawn to U.S. Patent No. 

45 4.629.569 assigned to the same assignee as tiie present application and incorporated herein by reference, 
showing how such data can be embedded in a B-MAC signal. Alternatively, the key may be sent "out-of-band" 
over a separate data channel or even over a telephone line. 

Maintaining security in a conditional-access television networic depends on tiie following requirements: 

(i) The signal scrantbling techniques must be sufficiently complex to insure that direct encryptographic at- 
50 tack ts not practical. 

(ii) keys distributed to an authorized decoder cannot be read out and transferred to other decoders. 
The Hrst condition can be satisfied by practical scrambling algoritiims now available such as the DES (Data 

Encryption Standard) or related algorithnrts. 

The second condition requires the physical security of certain devices wittiin tiie television signal decoder 
5S and is much more difTicult to satisfy. Such a device must prevent observation of both the key decryption process 

and the partially decrypted key signals. 

Figure 1 sfiows a prior art conditionaJ-access system for satellite transmtssioru In encoder 101. the source 
program information 102 which comprises video s^nals. audio signals, and data is scrambled in program 
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scrambler 103 using a key from key memory 104. The scrambling techniques used may be any such techniques 
which are well known in the art The key can be a signal or code number used in the scrambling process which 
is also required to "unlock" or descrambte the program in program descrambler 108 in decoder 106. In practice, 
one key can be used (single layer encryptton) or more than one key (not shown). The key is usually changed 

5 with time (i.e. - monthly) to discourage piracy. The scrambled programs and the key are transmitted through 
satellite link 105, and received by conditional-access decoder 106. Decoder 106 recovers the key from the re- 
ceived signal, stores it in key memory 107 and applies it to program descrambler 108 which descrambles the 
scrambled program received over satellite link 105. and outputs unscrambled program 109. The system is not 
totally secure, as the key is transmitted in the clear through the channel and is avaOabfe for recovery by pirates. 

10 To overcome this difflcutty and referring to prior art Figure 2, a method of protecting the key during dis- 
tribution is introduced into the system of Figure 1. Prior to transmission, the key used to saamble source pro- 
gram 202 in program scrambler 203 is recovered from key memory 204 and itself encrypted in key encryptor 
210 using a secret serial number (SSN) from secret serial number database 211 which contains a list of the 
secret serial numbers of all legitimate subscribers. These seaet serial numbers may relate to the unique iden- 

15 tiftcatton numt>ers nr^ntioned above for each decoder of a netwoi1( of such decoders. The source program has 
now been scrambled using the key, and the key itself has been encrypted using a seaet serial number. Thus, 
the key is not subject to compromise or recovery during transmission in comparison with the system of Figure 
1 . In order to descramble the program, the pirate must first obtain the secret serial number of a legitimate de- 
coder, match it with the appropriately encrypted key, decrypt the key, and then descramble the program. The 

20 secret serial number is installed in decoder 206, for example, during manufacture in SSN memory 212 resident 
in decoder 206. The secret serial number is therefore unavailable to pirates provided that decoder 206 remains 
physically secure. 

Each secret serial number is unique to an individual decoder or. at least, unique to a group of decoders in 
order to be reasonably secure. The encrypted key may therefore be transmitted to each decoder individually 

25 by cycling through a database 211, containing all the secret serial numbers of the network in encoder 201 and 
fbnming a separate key distribution message in an addressed data packet individually addressed to each 
authorized decoder in the networtc. An individual decoder recognizes when its encrypted key has been received 
by reading the key distributron message attached to the encrypted key. Atypical address data packet is depicted 
in Figure 9 and described more fully t>elow. 

30 In known B-MAC systems, the key is distributed in an addressed data packet individually addressed to a 
particular subscrit^er's decoder by means of its unique identifk;atton number. The addressed data packet is typi- 
cally inserted in lines 4 through 8 of the vertk:al blanking interval. Each addressed data packet is typically ad- 
dressed to one individual decoder. As there are sixty fields generated per second (30 frames of 2 interiaced 
fields each) in a B-MAC or NTSC television signal, at the rate of one addressed data packet per freld, a possible 

35 sixty different decoders (or groups of decoders) can be addressed each second, or 3600 per minute, 215,000 
per hour, and over 5 million per day. Since each decoder need only be addressed when the service level or 
encryption lev^ changes, there are sufTicient frames available to individually address each decoder even in 
large systems. The address rate of the decoders may be inaeased by transmitting more than one addressed 
data packet per field. Additional data packets may be inserted in the vertical blanking internal or in the horizontal 

40 blanking intervals of each frame. The total number of possible addressable decoders is a function of the nuntber 
on data bits avaOable for decoder addresses. The B-MAC fonnat typically uses 28 bits for decoder addresses, 
allovnng for over 268 million possible decoder addresses. Attention is drawn to the United States Advanced 

Televisfon Systems Committee Report T2/62, "MULTIPLEXED ANALOG COMPONENT TELEVISION 
BROADCAST SYSTEM PARAMETER SPECIFICATIONS,"incorporated herein by reference, which describes 

45 the data format in a B-MAC signal. 

After receiving the addressed data packet, key decryptor 213 then decrypts the key using the secret serial 
number stored in SSN nr^mory 212. If service to any decoder 206 in the network is to be terminated, the secret 
serial number for that decoder ts simply deleted from SSN database 211. and decoder 206 is deauthorized at 
the beginning of the next key period. 

50 In a decoder such as the one shown in Figure 2, the pay television provider has to rely on the physical 
security of the decoder box itself to prevent a pirate from reading or modifying the secret serial number and 
key memories in the decoder or observing the key decryption process. In order to provkle the necessary physi- 
cal security, decoder boxes can be equipped with tamper-proof seals, specially headed screws and fasteners, 
or other tamper resistant packaging to make physical compromise of the decoder difficulL The sut>scriber is 

55 aware that tamperii^ with the decoder could alter the tamper-proof seals or damage the decoder and subse- 
quent examination could lead to discovery. 

There are several disadvantages of relying on the physical security of the decoder to maintain system sec- 
urity. First, the pay televtston provider has to maintain ownership and contrd over aQ of the decoders of the 
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network and then rent or lease ttie decoders to subscribers. The pay television provider is thus responsible for 
maintenance of all decoders and nrmst maintain an expensive parts inventory and maintenance staff. In addition, 
in order to initiate service^ a serviceperson must make a personal visit to the subscriber's location to install the 
decoder, tn a pay television satellite system, such installation and service calls could be quite costly for reiTK)te 
installations which could be located anywhere in the world. Further, the physical security of a decoder could 
be breached without fear of discovery if a pirate could obtain a decoder that had been stolen either during the 
distribution process or from an individual subscriber's home. 

Hence, the system of Figure 2 can be secure only under the following conditions: 

(i) It nmjst be impossible to read or modify the SSIM and key nnenrHMies in the decoder. 

(ii) It must be impossible to observe the key decryption process, or the links between the four elements 
(207, 208, 212. and 213) of the decoder. 

One way to achieve both of these goals is by the use of a so-called " secure microprocessor". 
Decryption Microprocessors 

15 

Figure 3 shows a block diagram of a typical prior art microprocessor 320 with processor 321. program mem- 
ory 322. memory address bus 328, nrtemory data 326 and nrtemory data bus 327. In such a device, input data 
323 is processed according to a program stored in program memory 322, producing output data 324. Program 
memory 322 can be "read out" through memory data bus 327. That is, the memory can be stepped through by 

20 sequentially incrementing nnemory address 325 through memory address bus 328 into program memory 322. 
Output memory data 326 from memory data bus 327 will reveal the entire program contents of microprocessor 
320, including any stored descrambling algorithm and secret serial number. With such data, a pirate can easily 
decrypt a key transmitted through satellite link 205 of Figure 2. 

Figure 4 shows a block diagram of an ideal secure microprocessor 420 adapted for securing an algorithm 

25 and secret serial number according to one aspect of the present invention. The major difference between secure 
microprocessor 420 of Figure 4 and microprocessor 320 of Figure 3 is that both n^mory address bus 328 and 
memory data tKJS 327 are absent, so there is no way to step through program memory 422 for the purpose of 
reading or writing. Memory references are executed only by processor 421 according to its mask-programmed 
code which cannot t>e changed. All input data 423 is treated as data for processing, and all output data 424 is 

30 the result of processing input data 423. There is no mechanism for reading or modifying the contents of program 
memory 422 via the data inputs. 

Modem devices are a close approximation to this ideal secure microprocessor. There is, however, one re- 
quirenrtent which causes a variation from the ideal. Following manufacture, there must be a mechanism avail- 
able to write into memory 422 the decoder specrftc seaet serial number 430, as well as decrypts n algorithm 

35 434. If th^ facility were available to a pirate, he could modify the secret serial number for the purpose of dontng. 
Therefore, this facility must be permanently disabled after the secret serial nun\t>er has been entered. 

A variety of techniques may be used to disable the facility for writing into the memory. Secure microproces- 
sor 420 could be provided with on-chip fusible data links 431, a software lock, or similar means for enabling 
the secret serial number 430 and descrambling algorithm 434 to be loaded into memory 422 at manutachjre. 

AO Then, for example, the fusible links shown in dashed lines are destroyed so that a pirate has no access to de- 
scrambling algorithm 434 or secret serial number 430 stored in program memory 422. 

In an alternative embodiment, the microprocessor of Figure 4 can be secured with an "E^ bit" The "E^ bit", 
a form of software lock, win cause the entire memory (typically EE PROM) to be erased if an attempt is made 
to read out the contents of the memory. The "E^ bit" provides two advantages; first, the memory is secured 

45 from would-be pirates, and second, the memory erasure will indicate that tampering has occun^. 

A pirate would have to have access to extensh^e micro-chip facilities and a stgniTrcant budget to compromise 
such a secure microprocessor. The physical security of the processor would have to be breached, destroying 
the processor and contents. However, integrated circuit technology continuously improves, and unexpected 
developments could occur whk:h might enable attacks to t>e made at the microscopic level which are nrare 

50 economic than those available today. Further, the worldwide market its pirate decoders for satellite transmis- 
sions would provkJe the economic incenth^e to the increasingly sophisticated pirate electronics industry to corrv 
promi^ such a unit 

Copying a single decoder comprising a microprocessor according to Figure 4 could lead to decoder clones 
based on the single secret serial number in that single decoder. Discovery would result in the termination of 
55 that secret serial number, and thus termination of all of the dones. However, a pirate would also have the option 
of using the single conrtpromised unit to recover the key. The pirate could then develop a decoder design which 
would accept the key as a direct input These pirate units could then t>e Slegalty dtstn*buted to subscribers, who 
wouki pay the pirate for a ntonthly update of the key. The consequence of a security breach could t>econYe ext- 
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remety damaging to the pay television provider. 
Replaceable Securrty Module 

5 Pay television providers are therefore at risk if security depends exclusively on the physical defenses of 
the secure microprocessor. Figure 5 shows a device which attempts to overcome the disadvantages of the de- 
vices of Figures 1 and 2 by providing a security device in a replaceable security module 514. Replaceable sec- 
urity module 514 comprises key decryptor 513, secret serial number menrwry 512 and key menrwry 507. As in 
Figure 2, encoder 501 scrambles source program 502 comprising video signals, audio signals and data in pro- 

10 gram scrambler 503 using a key from key memory 504. The key is encrypted in key encryplor 51 0 using a seaet 
serial number (SSN) from secret serial number database 511 which contains a list of the secret serial numbers 

of aD legitimate subscribers. 

The same SSN is installed in secret serial number memory 512 in replaceable security module 514 which 
is removably attachable to decoder 506. Key decryptor 513 of replaceable security module 514 decrypts the 

15 key using the secret serial number stored in secret serial number meiTK>ry 512. The decrypted key is then stored 
in key memory 507. Unlike Figure 2, the entire replaceable security module is removably attached to decoder 
506. Program descrambler 508 reads the decrypted key from key memory 507 in replaceable security module 
514 and uses the key to descramble and output descrambled program 509. Removable security module 514 
is designed to be replaced by the subscriber, preferably without any special tods and, thus, nrwst conventionally 

20 may comprise a plug-in module. 

The use of a plug-in external module gives the pay television provider the ability to upgrade the technology 
in the security device by swapping it out at very low cost In the event of a security breach, a new replaceable 
security module containing the program scrambling algorithm and SSN could be mailed out to auttrorized sub- 
scribers. The authorized subscribers could then remove the old replaceable security module from their decoder 

25 and insert the new replaceable security module then^elves. System security is thus recovered without the 
expense of replacing the entire decoder or the expense of sending a service person to replace the replaceable 
security modules In each decoder. In addition, it is not necessary for the pay television provider to own the de- 
coder itself. The decoder can be a generic commercially available unit purchased by the subscriber, or even 
integrated into the television Itself. To initiate servfce, the pay television provider need only nr^il the replaceable 

30 security module to the subscriber and no service call is necessary. 

Although the replaceable security module has the advantages of providing a guarantee that network sec- 
urity is recoverable following a breach, it also has some disadvantages. All the security resides in replaceable 
security module 514, and decoder 506 itself is a generic unit. The key signal which is generated by replaceable 
security module 514 Is observable at its transfer point to decoder 506. The key can, however, be changed suf- 

35 ficiently often to ensure that it has no value to a potential pirate. 

The problem with this approach is that a given removable security module 514 will operate with any decoder 
506, and that tampering with replaceable security module 514 does not Involve damage to decoder 506. Con- 
sequently, if replaceable security module 514 were to be compromised, piracy would become widespread very 
rapidly. 

40 

Multiple Encryption Layers 

Although the devices as described above show a single key to scramble the program signal (so^alled 
"single layer encryption") any of the prior art devices could also be practiced using a multiple key ("two layer" , 

45 "three layer", etc.) scrambling system. A multiple key encryption system with particular applications to a cable 
television environn^nt is described In U.S. Patent No. 4,890.319. to Seth-Smith. issued December 26. 1989. 
incorporated herein by reference. Rgure 6 shows an example of a prior art two layer encryptton encoder 601. 
Encoder 601 contains secret serial number database 611 which contains a list of secret serial numbers for all 
authorized subscribers, these serial numbers preferably being 56 bits In length. Key memory 604 stores the 

50 "Key of the Month" (KOM) which in this embodiment can be eithm* an "even" key for even rronths (February. 
Apni. June, etc.) or an "odd" key for odd months (January, March. May, etc.). The key could also be different 
for each month of the year, or could be rr^de even more unique, depending on the available data bits for such 
a key. In addltron. the key couW be changed more frequently or less frequently than the monthly basis shown 
here. These KOM's are preferably 56 bits in length. 

55 Key encryptor 610 encrypts the key selected from key memory 604 and outputs a series of encrypted keys 
Essf^OM] each encrypted with a secret ^rial number from secret serial numb» database 611, to data ntul- 
b'plexor 635. Seed nrtemory 636 contains a "seed" which is used for scrambling the audfo and vWeo signals. 
The "seed" can also be a data code or a signal similar to the key described above. Preferably, the seed changes 
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every 1/4 second. Seed encryptor 637 encrypts the seed with the key of the nrranth and outputs the encrypted 
seed Ekom[SEED] to data multiplexor 635. Thus the key has been encrypted wHh the secret serial number, and 
the seed encrypted with the key. Neither the key nor the seed can be easBy recovered during transmission. 
In this embodiment, source program 602 comprises a Multiplexed Analog Video (MAC) signal 639 with the 

5 typical chrominance and luminance signals described previously, along with multiplexed audio data 638 which 
may comprise several different audio and non-audio (data) signals. For example, there may be at least two 
channels of audio (stereo) and additional channels of teletext for the hearing impaired. In addition, there may 
be additional channels of audio related to the video signal such as foreign language translations, unrelated 
audio signals such as radio programs or data signals such as subscriber messages, computer data, etc All of 

10 these signals are digitized and multiplexed together, as is well known in the art, and the resulting multiplexed 
analog components, data 638 is then ready to be scrambled. 

The seed passes through pseudo-random bit sequencer (PRBS) 643 and then is added to multiplexed 
audio data 638 in adder 644. Together, pseudo-random bit sequencer (PRBS) 643 and adder 644 comprise a 
bit-by-bit encryptor 645 as is welt known in the art The resulting scrambled multiplexed audio data is then pas- 
ts sed to data multiplexor 635 and is multiplexed with the encrypted seed and key. 

MAC video signal 639 is scrambled in line translation scrambler 603 which scrambles the tines of the MAC 
signal using the "seed" from seed memory 636 for the scrambling algorithm. The resulting scrambled MAC sig- 
nal is then sent to multiplexor 632 which multiplexes the scrambled MAC signal with the output from data mul- 
tiplexor 635. The multiplexed data output of data multiplexer 635 is modulated into pulse amplitude modulation 

20 (PAM) format by P.A.M. modulator 645. The output B-MAC signal 646 contains MAC video signal 639 and mul- 
tiplexed PAM audio data 638, both scrambled with the seed, along with the seed encrypted with the key of the 
month, and a series of keys of the month which have been encrypted with the secret serial numbers of the sub- 
scriber's decoders, all multiplexed together. 

In order to descramble the B-MAC signal 646, a pirate must be able to decrypt one of the encrypted keys, 

25 and use that key to decrypt the seed. However, as in the single layer encryption device described in Figure 2, 
the pirate only needs to compromise one of the decoders in order to obtain a secret serial number, and thus 
decrypt the key. With the key, a pirate can then decrypt the seed, and with the seed, descramble the program 
signal. Additional "layers" of encryption (i.e. • more seeds and keys) make pirating more cumbersome, as the 
pirate must decrypt more seeds and keys, however, once the first key has been decrypted, the subsequent 

30 keys and seeds can be decrypted as well. In the embodiment shown in Figure 6. keys need be decrypted every 
month for the pirate to be able to de5cramt>le the program signal all year. The secret serial numbers, seed, 
and key, as used in Figure 6, can be used effectively by the pay television provider to terminate a particular 
decoder by secret serial numt)^and generally discourage piracy by anrtateurs. However, while this system has 
not yet been compromised, a determined pirate may compromise such a nmltHayered encryption system with 

35 the a kl of a compromised decoder, the heart of such piracy being the gaining of access to a secret serial number 
A particular problem involves the transmisston of the encrypted seeds and/or encrypted KOM's with the 
encrypted program signal to individual sut^scribers who may have their own antenna, commonly a backyard 
reception dish. Referring to Figure 11, prbr systems used a central control 1181 to insert addressed data pack- 
ets or other subscriber related infonmation into the program s'^nals to authorize those individual receivers who 

40 receive encrypted signals directly, not through a local distributor. Central control 1181 would transmit addressed 
data packets, via dedicated lines 1185, to uplink broadcaster 1183 (e.g., Home Box Office, Cinenftax. etc. ) who 
wouM in turn multiplex the addressed data packets with their program signals, usually encrypted. The signals 
would be transmitted to satellite 1105 and then back to an individual receiver 1189 typically through backyard 
reception antenna 1187. If a individual desired to receive certain programs, they would place a call through 

45 phone line 1 188 to central control 1181. Central control in turn would relay the individual's authorization request 
through dedicated lines 1185 to uplink broadcasters 1183. Uplink broadcasters then would multiplex the indi- 
vidual's new authorization code with ther particular encrypted program signals. The signals would then relay 
through satellite transponder 1105 to the individual's antenna 1187 and into their decoder box where the new 
authorization request would permit them to decrypt the new program signals. Such a system is cuirently used 

50 by General Instrunrtenfs Video Cypher II- TM system. Importantly, due to the transrrtission limitations of de- 
dicated lines 1185, typically telephone lines, a broadcaster could not rapidly address all subscribers. 

An additional problem with the prior art involve the upgrading of current television decoders to accept digital 
television sigruits. Prevknjsly, local cable television distributors would have to replace all existing converting 
boxes in subscriber homes with new converter boxes which could accommodate distal television signals. This 

55 was costly t>ecause new decoder boxes would have to be distributed and the old t>oxes collected and often 
times destroyed. AJterrmtivety, a local cable televisbn distributor could distribute new decoder boxes wtiich 
wouU only accept digital teJevtsk)n signals. Ttrus, subscribers would have their origtnal decoder box which 
wouki accept analog signals while the new box would accept digital signals. This too was costly as many circuits 
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within the two boxes would be redundant, additional spl iters would have to be added at a subscriber's home 
to provide for two coaxiat inputs to the boxes, in addition to other annoyances previously nnentioned. 

In view of the deficiencies of the above prior art devices, it still renrtains a requirement in the art to provide 
a scrambling system for pay television systems which does not rely solely on the physical security of the de- 
5 coder components to n>aintain system integrity. 

SUMMARY OF TH£ INVENTION 

Therefore, it is an object of the present invention to provide a decoder with a data interface for a removable 
10 security module. 

It is a further object of the present invention to provide a reptaceat>le security module capable of performing 
all the functions perfonned by the internal security module. 

It is a further object of the present invention to provide a system of double-encrypting the key using two 
different secret serial numbers respectively assigned to a subscriber's decoder and renfK}vat>le security module. 
15 It is a further object of the present invention to provide a replaceable security module for a television signal 
decoder where the replaceable security module will work with only one decoder and cannot be used with 
another decoder. 

It is still a further object of the present invention to provide a decoder where external security modules may 
be replaced without any disruption in a sut>scrit>er's reception of authorization signals. 

20 It is yet a further object of the present invention to provide a method of trartsmitting the same authorization 
signals on multiple channels, to individual subscription television receivers. 

It is yet a further object of the present invention to provide a low cost niethod of easily converting a decoder 
box to accept both analog and digital television signals without redundant circuitry. 

Many of the above-stated problems and related problems of the prior art encryption devices have been 

25 solved by the principles of the present invention which is able to twice-encrypt the key prior to transmission, 
first with a first secret serial number (SSNo) of the subscriber's replaceak>le external security nrK)dule, and again 
with a second secret serial number (SSN^) of the subscriber's decoder. The double-encryption technique dis- 
courages copying the replaceable exterrtal security module, as each replaceable security module will work only 
with its mating decoder. The system also allows the replaceable security module to be replaced following a 

30 system breach, thus allowing for recovery of system security. Furthermore, the present invention allows for un- 
interrupted transmission of decrypted signals upon replacement of the external security module by providing 
three steps of decryption. First. Incoming signals are decrypted using the second secret serial numbers of the 
subscriber's decoder, before a new replaceable external security nrK>dule is inserted into the decoder. Second, 
a valid key of the month (KOM) is delivered to the internal security module where it is decrypted using an alter- 

35 nate secret serial number (SSN). The packet is then forwarded to the new external security nrwdule where it is 
further decrypted and the valid KOM ts stored. Finally, decryption of incoming signals are then routed to the 
external security module which becomes the active security element 

The system comprises an encoder for encoding a signal, the encoder further comprising a signal scrambler 
and a first and second key encrypters. The signal scrambler scrambles the signal and outputs a scrambled sig- 

40 nal and a key for descrambling the scrambled signal. The first key encryptor Is coupled to the signal scrambler 
and p^orms a first encyrption on the key using a first secret serial number and outputs a once-encrypted key. 
The second key encryptor is coupled to the ftrst key encryptor and performs a further encryption on the once- 
encrypted key using a second secret serial number and outputs a twice-encrypted key. 

The system further comprises a transmitter coupled to the signal scrambler and the second key encryptor 

45 for transmitting the scrambled signal and twice-encrypted key. 

The system further comprises a routing n^nager/decoder coupled to the tran^itter for receiving and de- 
scrambling the scrambled signal. The decoder comprises first and second key decryptors and a descrambler. 
In the twice encrypted mode, the first key decryptor is coupled to the transmitter and performs a first key dec- 
ryptbn on the twice-encrypted key using the second secret serial numt>er and outputs a partially decrypted key. 

SO The second key decryptor is coupled to the fir^ key decryptor and perform a second key decryption on the 
partiaOy decrypted key using the first secret serial number and outputs the decrypted key. The descrambler is 
coupled to the second key decryptor and the traiismitter and descrambles the scramble signal using the de- 
crypted key and outputs the descrambled signal. The decoder may function without the use of a replaceable 
security nuxiule. In the event of a system t>reach or a service level change, a replaceable security rfiodule may 

55 then be inserted into the decoder to 'upgrade' the decoder. 

In another embodiment of the present invention, authorization signals are transmitted from a master upfink 
through a satellite transponder into a loop-t>ack uplink. At the loop-back uplink, program audio and video signals 
are combined with the authorization signals and sent back to the satellite transponder then to an individual sut>- 
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scriptton television signal receiver 

In a further emtKxJimBnt of the present invention, an easBy connectable nDodule or "side-car" is described 
which permits a standard decoder box to accept both analog and digital television signals. This digital side-car 
is capable of upgrading existing converter boxes without the duplk^atbn of non-video components. 
5 These and other objects and advantages of the invention, as well as the details of an illustrative embodi- 
ment, will be more fully understood from the following spedfication and drawings in which similar elements in 
different figures are assigned the same last two digits to their reference numeral (i.e., decoder 706 of Figure 7 
and decoder 806 of Figure 8). 

10 BRIEF DE SCRIPTIO N OF THE DRAWINGS 

FIG. 1 shows an example of a prior ait conditionai-access system for satellite transmission with a key signal 
sent in the dear to the decoder 

FIG. 2 shows an example of a prior art conditional-access system for satellite transmission using a single 
15 key encryption technique. 

FIG. 3 shows an example of a prior art microprocessor without a secure memory. 

FIG. 4 shows a secure microprocessor with a secure memory and fusitrie data links adapted for storing an 
algorithm and secret serial number according to the present invention. 

FIG. 5 shows an example of a conditional-access system for satellite transmission with a replaceable sec- 
20 urity module containing a first secret serial number. 

FIG. 6 shows another prbr art conditional-access system for satellite transmission using an additional layer 

of encryption, 

FIG. 7 shows one exemplary embodiment of the conditional-access system of the present invention with 
an encoder encrypting the key with both a first and second secret serial number, a satellite transmission system, 
25 and a decoder containing a first seaet serial number and a replaceable security module containing a second 
secret serial number. 

FIG. 8 shows an expanded view of the decoder of FIG. 7 
FIG. 9 shows a frame format for an addressed data packet. 
FIG. 9A shows a frame fomrtat for a system data packet 
30 FIG. 1 0 shows communications between a secure microprocessor, either internal or externa), and the rout- 
ing manager. 

FIG. 1 1 shows a prior art system of transmitting authorization signals and addressed data packets between 
a central control and an indivkjual television subscriber. 

FIG. 12 shows another embodiment of the present invention for transmitting the same authorization signals 
35 on multiple channels from a central control to an individual telev'sion subscriber. 

FIG. 13 shows another embodiment of the present invention where the decoder depicted in FIGS. 7 and 
8 may be easily upgraded to accept both analog and digital television signals. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

40 

Figure 7 shows the encryptbn system of the present invention comprising an encoder 701 for encoding a 
source program 702 for transmission over a satellite link 705 to at least one decoder 706* According to Rgure 
7, the key is encrypted and addressed to individual decoders, simitar to the device in Figure 5. However, in 
this case, the key may be encrypted twice. 
45 Encoder 701 has an active security selection memory 721 containing the active security selectbn. The ac- 
tive security selectton selects the fixed security element 710 or the replaceable security element 714 as the 
active security element Only the active security element will received B-MAC signals and supply the seed to 
the program scramble 703. 

A key memory 704 contains the active security selection 721 and the seed used to scramble program 702 in 
50 program scrambler 703. Alterrmtively, as in FIG. 6, key memory 604 could contain keys of the month (KOMs) 
which are used to encrypt a seed. This seed is used to encrypt the source program 702. In this double encryption 
technique, the KOM is first encrypted in first key encryptor 710 with a first secret serial number (SSNo) stored 
in SSNo database 711. The KOM ts further encrypted in second key encryptor 71 5 with a second secret serial 
number (SSNt) from SSNi database 716. This process continues for each SSN so as to produce a series of 
55 encrypted keys which are then multiplexed with the scramtded program via multiplexer 732 and transmitted via 
satellite link 705. 

Decoder 706 receives and denuiftiplexes the encrypted program and encrypted keys via demultiplexer 733 
and perfomts a fir^ key decryption in internal security module 719 which is an integral part of the decoder 706. 
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A second decryption takes place in a replaceable external security elennent 714 which is mounted on the exterior 
of the decoder 706, for example, as a plug-in module. Alternatively, the encrypted key could be sent separate 
from the encrypted program over two separate channels as described in copending application serial number 
473,442, incorporated herein by reference. 

5 Internal fixed security n^odule 719 is the default security element when the replaceable external security 
nr)odule 714 is not installed. Internal security module 719 will receive system data routed from routing manager 
708. The authorization and control data will preferably comprise or include addressed data packets as depicted 
in FIG. 9 and system data packets depicted in 9A. Addressed data packets 9a include preferably a 28 bit user 
identfficaUon number or address 9a which is sent unencrypted. This user address conre spends to a user ad- 

10 dress contained in both internal and external security modules 719 and 714. The routing manager 708 senses 
the unique user address of only internal security module 719 and correspondingly routes the entire addressed 
data packet 9e to the specified security module. Following the user address are two unencrypted bits 9b and 
9c. The first bit 9b determines whether the addressed data packet is to be ultinrtatety routed to the internal sec- 
urity nrodule 719 or to the external security module 714. The second bit 9c determines whether the infomiation 

15 which follows, encrypted inforfnatk)n 9d, is encrypted either once or twice. If bit 9c indicates double encryption, 
then both the internal security module 719 and the external security module 714 are required to decrypt it The 
bits of encrypted data 9d would include authorization and control data, e.g., the key of the nrH>nth. subscriber 
authorization data such as user der information, pay-per-view information, or other subscriber specific or de- 
coder specific data. Generally, authorization data determines whether a particular subscriber or decoder is 

20 authorized to receive and decrypt a particular program or view pay-per-view programs, etc. Control data may 
include signals to detenrtine where data packets are routed, energy management data, burglar alarm data, or 
other decoder component enabling signals. 

Table 1 shows how addressed data packets 9e are routed depending upon the value of bits 9b and 9c. 

25 



Destination 
Bit 9b 


Encryption 
Bit 9c 


Routing of Address Data Packet (ADP) 
Result 


internal 


single 


ADP to internal security module only 


internal 


double 


ADP to external module first, then to 
internal 


external 


single 


ADP to external security module only 


external 


double 


ADP to internal module first, then to 
external 



TABLE I 



The system data packet shown in Figure 9A contains program specific information and is sent and proces- 
sed by all decoders. The system data packet 9h includes an intern al/extemal destination bit 9f stmBar to bit 9b 

45 in addressed data packet 9e. Bit 9f determines where the system data packet is routed by routing manager 
708, specifically, whether packet 9h is routed to the internal or the external security module. The infomfiation 
following, 9g, is encrypted data including the encryption seed, program tier infomraation whk:h detenmines in 
which tier the particular program is located, the cost of the program for pay-per-vtew purposes, checksum bits, 
and any additional information which is specific to the program or channel in which system data packet 9h ts 

50 transmitted. Restating, system data packets 9h are spectftc to a particular program or channel, and are pref- 
erably inserted by program tKoadcasters (shown as 1183 in Rgure 1 1 and 1286 in Figure 12). Each program 
is preferably encrypted with its unique seed. 

As cfiscussed earlier with reference to Rgure 6, the internal and external security nuxtules must Ttrst receive 
and decrypt their unique addressed data packets to recover the key of the month. Using this key of the month 

55 then, the internal and external security modules would use this key of the month to decrypt the ^ed from system 
data packets 9h. Finally, the seed is sent from the security modu\e through routing rrmnager to video descranv 
bler 873 or audio/data decryptor 874 so as to decrypt a program video or audio. 

AD data contained in addressed data packet 9e and system data packet 9h may be processed by the internal 
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security module 719. Similarty, the external security module 714 may replace the functionality of the internal 
security module 719 when it is installed. External security module 714 will be used as the active security element 
when directed by unencrypted data bit 9f of system data packet 9h. This allows external security nrwdule 714 
to be deployed, inserted and authorized with addressed data packet infonnation (particutariy, KOM's) before 

5 the system switches the active security elen^nt from the internal security module 719 to the external security 
module 714. This process will be described more fully below. As previously mentioned, addressed data packets 
9e contain user addresses 9a which is unencrypted and unique to each internal security module 719. The ex- 
ternal security module 714 also has a unique user address which is used to track location of external modules. 
Once the external security module 714 is inserted, it may customize itself to the user address of the internal 

10 security module 719 by having the user address of internal security module 719 route its address to external 
security module 714 which may store this address in secure menrtory 720. 

The addressed data packets 9e are used to deliver decoder specific infonmation to a single decoder, pref- 
erably using the loop-back method described below with respect to Figure 12. In a B-MAC television s^nal, 
the addressed data packets are preferably transmitted during the vertical blanking internal of each frame as 

15 discussed in the background of the invention. Each subscriber would have a unique address data packet cor- 
responding to their decoder 706. Each decoder fe assigned a single unique user address and a conresponding 
secret serial number (SSN). The user address and corresponding secret serial number are not identical, nor 
or they related. Preferably, the secret serial numbers are generated using a random number generator. When 
an address data packet with a corresponding user address is received, the packet can be decrypted thus re- 

20 vealing the KOM and data. All decrypted data (e.g., KOM's, tier data. PPV. etc.) is held within a secure menrtory 
within the module (707 or 720). The packets preferably contain a checksum which is used to verify both correct 
reception and decryption of the data. All addressed data packets are recerved by the routing manager 708. and, 
depending upon the value of bit 9b, sent to the indicated security module for decryption. The decrypted and 
stored data is used by the conditional access software or program authorization software contained within the 

25 security modules to determine whether a particular program is to be decrypted depending upon a subscriber's 
tier, pay-per-view account, etc. Security modules 714 and 719 also determine whether a particular piece of en- 
crypted data is to be placed within its secure memory module. For example, the call back telephone number 
used by modem 875 need not be stored in the secure memory, and thus, is passed to the nnodem. 

Both replaceable security module 714 and an internal security element 719 of decoder 706 may be con- 

30 structed according to the principles of F^ure 4. For example, the second secret serial number SSN, may be 
loaded into SSN, menrwry 71 7 of module 714 via fusible links, and then these links destroyed during manufac- 
ture. Similarty, SSN© nr^emory 712 of intemal security element 719 may be loaded Airing nmnufacture over a 
fusible link and then the link destroyed. Also over a fusible link, algorithms may be loaded into key deoyptors 
718, 713 during manufacture and the fusible links subsequently destroyed 

35 The replaceable security module provides the pay television provkJer with the option of replacing system 
security by mailing out new replaceable security nxxlules to all authorized subscribers. Returned replaceable 
security modules 714 could be re-used for a different decoder if the Bnks were not destroyed by reprogramnting 
the SSNq and SSNt databases 711 and 716 to correspond to the combination of the first secret serial number 
of decoder 706 with the second secret serial number of secur^ module 714. Preferably, the returned replace- 

40 able security nrKKlules 714 are destroyed, and a new replaceable security module 714 sent to a subscriber, 
incorporating dianges and improvements in the security technology to thwart potential pirates. In the event of 
a security breach, it is only necessary to replace the replaceable security module and not the complete decoder 
in ordo-to restore system security. Most advantageously, the subscriber replaces the external security module 
without special assistance, and returns the old rTK>dule to the service provider. 

45 Referring to Rgure 8, an enlarged picture of encoder 708 is shown, particulariy. program descrambler/rout- 
ing manager 708 is more fully depicted. Incoming television signals, preferably B-MAC television signals, are 
input into demultiplexer 833. The demultiplexer separates video, digital audio, teletext and authorization and 
control data. The authorization and control data, particulariy addressed data packets 9e and system data pack- 
ets 9h. are input into display and communication processor 870. Demultiplexer 833 also provides error correct- 

50 ing and data recovery for the incoming signal. Furthermore, the incoming signal is fonmatted into a form which 
is more easily usable by the display and communications processor 870. 

The authorization and control data, partteutarty addressed data packets 9e are input into the user interface 
logic 871 and the security routing manager 872 of the display and communication processor 870. Specifically, 
the incoming data rate is usually too fast for processor 870 to handle, therefore denrtultiplexer 833 stores and 

55 formats the data, and inputs it as a parallel stream into user interface k>gic 871 and security routing manager 
872. If the addressed data packet 9e contains the unique user address 9a (rf this particular decoder 606 and 
the decryption bd 9c is set to single erK^ryption. user interface logic 871 commands security routing manager 
872 to pass the addressed data packet into intemal security module (inboard security element or I5E) 819. if 
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destination bit 9b is so set Altemativety, if destination bit 9b is set for the external security module 814, security 
routing manager 872 forwards the address data packet through coupler 879 to the external security module 
(outboard security element or OSE) 814. See Table 1 . 

If encryption bit 9c is set for single encryption, then depending upon destination bit 9b, either the internal 

5 or external security module decrypts the encrypted address data packet information 9d. Once the KOM is de- 
crypted. It is stored in secure nr^mory 720 and 707, then used to decrypt the seed. This seed, preferably chang- 
ing very frequently compared with the KOM, for example, every 1/4 second, is then routed from either the 
Internal or external security module through routing manager 872 to video descrambler 873 or audio/data de- 
cryptor 874. The seeds are used in video descrambler 873 and audio/data decry ptor 874 to decrypt the video 

10 and audio/data respectively. Since the seed changes so frequently, every 1/4 second, it is not critical that the 
seed is sent unencrypted to video descrambler 873 and audio/data decryptor 874. 

If encryption bit 9c is set for doubling encryption and destination bit 9b is set to extemaf. then an incoming 
add-essed data packet 9e is partially decrypted first in the internal security module using a first secret/confi- 
dential serial number, and then finally decrypted in the external security module using a second secret/confi- 

15 dential serial number. The KOM is once again stored in secure memory 720 and is used to decrypt the seed. 
Coupler 879 is also connected to audio/data decryptor 874 to allow for the audio/data decryptor to be up- 
graded by an external security nfK>dule 814 which could contain additional decrypting algorithms directed to 
audio/data only. This would provide for increasing security of encrypted audio if current encryption of the audio 
had been compromised. 

20 Telephone modem 875 may include a microprocessor to allow either the internal or external security mod- 
ules 819 and 814 to communicate to encoder 701 or other facilities via telephone lines. This feature will be 
discussed more fully below. 

Also shown in Figure 8 are front panel display 878 which includes input buttons for a subsaiber and a dis- 
play preferably on the front of decoder box 806. On-screen displays/teletext 877 provides for on-screen mes- 

25 sages or teletext to be either overlayed or displayed on a subscriber's television screen. 

Transferring Security Functions Between Modules 

The process of transferring the security functions from the internal security module to the external security 
30 rrKKlule will be described now: Initially, all security functions are perfonmed by internal security module 719. If 
a security breach occurs, it may be defended against by rr^nufacturing and distributing external security mod- 
ules with instructions for installation into decoder 706. At this point, the external security element does not have 
a valid key of the month in its secure memory 720 nor any appropriate tier and event numbers for the particular 
subscriber. Therefore, the external security element 714cannotyet perform any independent security functions. 
35 The KOM is delivered to the internal and external security modules using encrypted addressed data pack- 
ets 9e. Because the external security element is installed to upgrade security, the addressed data packets for 
the internal security nrK>dute and the external security module are encrypted differently using KOM's unique to 
each intemal and each external security rrtodule. Therefore, the non-encrypted bit 9b determines the destination 
of the address data packet 9e, as shown in Table 1 above. 
40 During thb transition stage, addressed data packets carrying the next KOM are transmitted with destination 
bit 9b set to the externa) security rm)dule, with encryption bit 9c set to double encryption. The routing manager 

708 still delivers the address data packet 9e to the intemal security module first, but now the intemal security 
module decrypts the address data packet 9d using an alternate secret serial numt)er contained within its secret 
serial numt>er memory 712. This alternate secret serial number is not the one which is normally used by the 

45 intemal security nDodule for decrypting addressed data packets 9d. The result of this decryption using the alter- 
nate secret serial nunr^r is passed back to the routing manager 872 and forwarded to the external security 
OKxluIe 814 for final decryption using the secret serial number of the external security module. Thus, the key 
of the mon\h is twice encrypted, first with the alternate secret serial number and second with the external sec- 
urity module's secret serial number. This twice encryption prevents casual miration of external security mod- 

50 ules between decoders 706 since t>oth decoder-specific decryptions must be successful. Restating, the KOM 
is twice encrypted during the transition stage with a secret serial number stored in the secure n^emory of the 
interna) security module, and a secret serial numt»er stored In the secure memory of the external security nrKxiule 
for each interna) and externa) security oKxiute in existence. 

tf the KOM was not twice encrypted with an a)temate SSN, then a pirate could alter destination and en- 

55 cryption bits 9b and 9c to transmit a decrypted KOM between security modules, and thus intercept is during 
transmission. By using the alternate SSN, if tampering of destinatnn and encryption bits occur, the intemal sec- 
urity module would t>elieve the encrypted KOM were encrypted using the regular SSN, and thus could not de- 
crypt the KOM. Only partially decrypted KOM's are passed between modules and only in the double encryption 
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state. The present system prohibits the use of exchanging external security modules t>etween decoders since 
both SSNs must correspond with a twice encrypted KOM. 

When the next KOM has been transmitted to and stored in all decoders 706. then the encoder 701 prefer- 
ably changes the system data packet destination bit 9f to the external security n^ule and encryption bit 9c to 

5 double encryption. The external security module 714 now becomes the active security element and assumes 
all security functions. Thus, the decrypting seeds are now decrypted with the KOM and released from the ex- 
ternal security module 714 through security routing manager 872 to the video descrambler 873 and audio/data 
decryptor 874. Since the external security module now also contains the subscriber's authorization data such 
as program and service tiers, and pay-per-view event authorization in its secure non-volatQe memory, it may 

10 conditionally release seeds to decrypt specific programs independent from the internal security module. Simi- 
lariy. being an independent security module, the external security module may record impulse pay-per-view 
event purchases from the user interface logic 871 and upload this infonmation to a phone manager via telephone 
nrxKlem 875 using encrypted communications as described below. Encryption bit 9c may be changed to single 
encryption if so desired. The reason for adding an external security module is to recover security after the in- 

15 temal security module had been comprised. Thus, in the preferred embodiment double encryption is used and 
the external security module becomes the active security element upon compromise of the internal security 
module. 

Once external security modules have been deployed, new security functions (including new secret serial 
numbers, encrypting algorithms, software or physical security) may be incorporated into the internal security 

20 module so that an external security module is not required in new decoder boxes which are distributed after 
external security modules have been distrit>uted. Still, an empty coupler 879 is provided for future external sec- 
urity modules. To provide for compatible transmission to future external security modules, the internal security 
nrvodule in these new decoder boxes must functionally emulate the previous-generation internal security mod- 
ule, as well as perform the same function as the internal-external security module combination, and It must re- 

25 spond to both address data packet destination bit 9b and encryption bit 9c. 

If a previously distributed external security module is compromised, a new external security nrxKiule is de- 
ployed, with the sutkscriber removing the old and inserting the new. The new external security module wOl not 
have the key of the month, or the subscriber's authorization and control data such as tiers or event numbers. 
Therefore, to maintain continuity of service, alt security and authorization functions are temporarily returned to 

30 the internal security module. Prior to distribution/mailing of the new external security modules, addressed data 
packets are transmitted with the destination bit 9b set to the internal security module and encryption bit 9c set 
to single encryption. Thereafter, the previously described steps are perfonmed with encryption bit 9c changing 
to double encryption to allow the new KOM to be twice decrypted and stored in the new external security nrtodule. 
Finally, security, authorization and control functions are switched to the external security module with encryption 

35 bits set for either or double. 

Summarizing, if a system breach occurs, the pay televteion provider then mails out replaceatde external 
security modules to &ut>scribers. switches decryption to the internal security nDodule untB all decoders have the 
new KOM. then uses decryption through the external security nrKxlule only or uses the double encryption tech- 
nique, and ttujs recovers system security. The optional usage of the replaceable external security module has 

40 other attractive benefits as well. Subscribers who do not pay for any premium channels may not be sent a re- 
placeable security module, as the "basic* channels may only use a once-encrypted key or may even be sent 

in the clear. If the subscriber wishes to upgrade to a premium channel or channels, the pay television provider 
may then mail that subscriber the appropriate replaceable security module. 

In addition, the replaceable security module may be used to add other addittonat features. Many cable tele- 

45 vision s ystems offer option al services such as 1 PP V (1 m pul se- Pay-Per-View) wh ich requ ire two-way comnuin i- 
cation between the decoder 706 and the headend. In the past if a subscriber wished to upgrade to IPPVsen/k:e. 
a subscriber's decoder would have to t>e altered by inserting a IPPV module internally or by adding an IPPV 
"skie car" externally. Alternatively, the entire decoder would have to be replaced. All three optk>ns would neces- 
sitate a service call, causing inconvenience to the subscriber, and expense to the pay television provkler. Simi- 

50 larly. when a pay telev6k)n provder wishes to upgrade its entire encoder/decoder system , it nrujst provide a 
new decoder to each subscriber whk:h will work in the interim with both the old and new encoding techniques, 
as it is neariy imposa'ble to replace aO subscn'l)er decoders simultaneously. Thus a decoder manufacturer is 
faced wth the added expense of providing his state-of-the-art decoder with extra circuitry in order to function 
with the pay television provider's old encoder for the few months during the change over period. 

55 In all of the above instances of upgrading existing service, the replaceable security module 714 may be 
used to upgrade the decoder 706 without the expense and inconvenier^^e of a service call. The replaceable 
security module 714 may be mailed to the subscrit>er and the sut>scrit>er can then insert the replaceable security 
nwdule 714 and instantly upgrade the decoder or add additkmat features (such as IPPV). alter the decoding 
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technique, or provide an additional level of security. Preferably, IPPV is incorporated within the decoder 706. 
Notably, the replaceable security module 714 n^ay add additional software features to the decoder. 

The replaceable security module 71 4 may take one of several forms. In the preferred embodiment, the mod- 
ule may comprise a "smart card", a plastic "aedit card" with a built-in microprocessor (such as a 68HC1 1 mi- 
ff croprocessor), such as described by the Intenrtational Standards Organization in standard ISO 7816/1 and 
IS07816/2. Attention Is drawn to U.S. Patent No. 4,841,133 issued June 20, 1989 and incorporated herein by 
reference, describing such a "^art card. * The "smart card" may be equipped with a series of electrical contacts 
which connect to contacts in coupler 879. Preferably 16 contacts are provided so as to allow for plenty of expan- 
sion room if additional features are included in the future, since only 6 to 8 of the contacts would be used by 
to the present invention. The contacts may provide power to the card, along with clock signals and data trans- 
mission. Additional contacts may be provided to allow connection between coupler 879 to audio/data decryptor 
874. These additional contacts vyroutd allow for additional decrypting algorithms to be applied in conjunction 
with or independent from those decrypting algorithms contained in decryptor 874 or for some other purpose. 

15 Use of Telephone Controller/Modem 

Pay-per-view programming Is defined here as any programming where the subscriber can request authori- 
zation to watch a particular program. In many pay television systems, pay-per-view programming is used for 
sporting events (boxing, wn-estling, etc.) which are not transmitted on a regular basis. A subscriber wishing to 

20 view the event must receive authorization in the form of a special descrambler mechanism, or in the form of a 
special code transmitted or input to the subscriber's decoder. Some pay-per-view television systems allow the 
subscriber to request a pay-per-view program (i.e. - movies) to v/atch. The pay television provider then transmits 
the requested program and authorizes that subscriber's decoder to receive the signal. 

Impulse pay-per-view (IPPV) programming is defined here as any programming where the subscriber has 

25 a pre-authorized number of "credits' saved In his individual decoder. If a subscriber wishes to view a particular 
program, the subscriber merely actuates the decoder, the appropriate number of credits are subtracted from 
the subscriber's remaining credits, and the subscriber is immediately able to view the progranx Pay television 
systems are disclosed, for example, in U.S. Patent No. 4,484,21 7 and 4,163,254 to Block, incorporated herein 
by reference. 

30 In a pay-per-view emt>odiment of the present invention, the decoder may send a signal to the headend via 
the telephone controllerAnodem 875 with a request for authorization to decode a pay-per-view program. Pref- 
erably however, secure memories 720 and 707 store authorization Information (i.e. -credits) for pay-per-view 
programming, and the security modules forv/ard actual pay-per-view data via the telephone controller/nrwdem 
875 at a later time. 

35 The telephone conbt>ller 940 could be a computer modem type device, or could work using touch-tone sig- 
nals to cOTnmunicate with the headend. Preferably, the telephone contrdter is a modem type device, comnwjni- 
eating with the headend using a frequency shift keying or FSK protocol. Attention is drawn to U.S. Patent No. 
4.926,444, issued May 1 5, 1990, describing FSK operatfon and incorporated herein by reference. The pay tele- 
vision provider can thus send appropriate authorization information (TEL) to the subscriber, encrypted with a 

40 subscriber's secret telephone number (STN). The secret telephone number is not a telephone number in the 
ordinary sense, but rather another type of secret serial number, which could be assigned to a given telephone 
controller/modem 875 or series of telephone controllers. Once received by processor 870 of decoder 90S, the 
authorization information may be routed and used to enable descrambling of a particular pay-per-view program 
or programs. 

45 In another embodinnent, which could be used in conjunction with the pay-per-view emt>odiment described 
above, the telephone controller/modem can be used to receive the KOM encrypted with the secret telephone 
number. The encrypted program signal Is input to decoder 806 through modem 875 into processor 870. Modem 
875 must be capable of providing the hjnctions of demultiplexer 833 so as to separate the addressed data pack- 
ets 9e, input them into processor 870 which wit then route them to the prescribed security nKxlule. 

50 The telephone controller 875 can be programmed to call the headend at a predetennined tinrte or at a pre- 
determined time interval, or upon receiving a signal from the headend preferably when phone usage is at a 
mininrtum fi.e. - earty morning hcnirs). The telephone controller can caD the headend via a toll free 1 -800 number, 
a so-called "Vatts" line, or via a tocal call to a commercial data link such as TYMNET or TELENET. Preferably, 
the present invention would use the data return system described in application entitled DATA RETURN FOR 

55 A TELEVISION TRANSMISSION SYSTEM, having serial number , incorporated herein 

by reference. Once the caQ is connected and ccmtrmintcations established, the decoder 806 uploads to the 
headend a record of pay-per-view usage encrypted with the secret telephone STNv The headend may then 
(k3wnload data similaity encrypted to the decoder 806 including new keys, secret serial numbers, or decryption 
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algonthms. The encrypted key or other encrypted data may be sent to either internal securrty element 819, or 
the replaceat)le security module 814. The information transmitted from the headend may come the tele- 
phone line through modem 875 into processor 870 or preferably through the satellite TV input into box 833 and 
on into processor 870. 

5 As discussed at>ove, a new secret serial number or decryption algorithm, encrypted with the secret tele- 
phone number, may be sent from the headend to a decoder through telephone contrdier 875. The encrypted 
secret serial number or decryption algorithm is then decrypted and stored in the selected security modules. 
This downloading of decryption algorithms and secret serial numbers via the telephone controller 875 is some- 
times called an "E^ patch", and allows the pay television provider to maintain or recover system security by 

10 loading new information into a decoder's EEPROM. An E^ patch does not necessarily entail changing the entire 
decryption algorithm in the decoder 806. The secret serial number or merely a portion of the decryption 
algorithm, such as a particular byte or data table need only be changed in order to sufTiciently alter the dec- 
ryption algorithm. The E^ patch allows the pay television provider or upgrade the encryption system to fix "bugs" 
and recover system security. 

15 After receiving a signal through the telephone controller 875. the headend will send an acknowledgment 

signal to the decoder, indicating that information has been received. Similarly, after data has been downloaded 
from the headend to the decoder through the telephone controller/modem, the decoder will return an acknow- 
ledgment signal through modem 875 to the headend that data has been received. Hereto, the present invention 
would preferably use the data retum system described in application entitled DATA RETURN FOR A TELEVt- 

20 SION TRANSMISSION SYSTEM, having serial number , incorporated herein by refer- 

ence. 

In addition to pay-per-view requests or records, telephone controller 875 can also be used to upload other 
signals from the decoder. For example, tamper protection infonmation such as described in ccnnectk)n with Fig- 
ure 4 can be sent indicating whether or not the decoder has been tampered with. Further, program viewing 

25 informatk>n can be uploaded to the pay television provider for television rating purposes (i.e.. - Nielsen ratings). 
In general, any data that can be delivered via the B-MAC input of Figure 9 (or NTSC, PAL« SECAM. etc.) 
can also be downloaded through the telephone controller 875. Such information includes, but is not limited to. 
blackout codes, tiering infomnation. personal messages, number of avaOable credits, group identification num- 
bers, and other system data. Generally, the telephone controller 875 is used for infrequent communications. 

30 such as periodic security level changes and IPPV requests, due to the limSed bandwidth of telephone lines 
and the increased cost of sending information via telephone versus the B-MAC input. 

The telephone infonmation (TEL) encrypted with the secret telephone number (STN) rennains encrypted 
throughout the decoder 806 and may only be decrypted in the security modules. The decrypted telephone in- 
fonmation does not pass out of the security modules, in order to prevent observation by a pirate. For decoder 

35 806 to descramble a scrambled program, both the telephone information and the addressed data packet re- 
ceived through the B-MAC input must be present By relying on both informatbn sources, piracy is virtually 
impossible, as the potential pirate must break into the pay television provider's telephone system as well as 
decrypt a twice-encrypted key. 

Figure 1 0 shows conrtmunications between a secure microprocessor, either internal or external, and the 

40 routing manager. Decoder 1006 comprises secure microprocessor 1050 with secure memory 1052. Secure 
menK>ry 1052 contains a set of secret serial numbers SSNq, a secret telephone number STIsio unique to that 
decoder or a series of decoders loaded during manufacture and secured with an "P bit" as discussed in con- 
nection with Figure 4 or other security, the encryption algorithm E, and other authorization informatk>n. Encryp- 
ted program signal Ekomo(SYS) 1053 and once-encrypted key-of-the-fTK>nth EssnoC^OMO) 1054 are input to 

45 decoder 1006 along with optk>nal encrypted telephone data Estno(TEL) 1055. 

Secure microprocessor 1050 decrypts encrypted telephone data Estno(TEL) 1055 using the secret tele- 
phone number STNo stored in ^cure memory 1052. The decrypted telephone data (TEL) is also stored in sec- 
ure memory 1052 to prevent observation by pirates. The telephone data (TEL) may provide authorization 
infonnatk>n to decoder 1006 as to whether decoder 1006 is presently authorized to decrypt some or all of the 

so received encrypted programs. In additk>n. other information may be transferred between the decoder and the 
headend as dbcussed in connection with Figure g. 

Transmbston of Addressed Data Packets 

55 Regarding the transmission of the encrypted signal with the addressed data packets 9e. previous systems 
incorporated a central control at the t>roadcasting uplink. As previously discussed and refenring to Rgure 1 1, 
prior systems used a central control 1181 to insert addressed data packets or other subscrit>er related infor- 
mation into the program signals to auttorize those indivkhial receivers who receive encrypted signals directly. 
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not through a local distrit>utor Central control 1181 would transmit addressed data packets, via dedicated lines 
1185. to uplink broadcaster 1183 (e.g.. Home Box Office, Cinemax, etc.) who would in tum multiplex the ad- 
dressed data packets with their program signals, usually encrypted. 

Under the new system and referring to Figure 12, a subscrit>er authorization computer 1282 and supervis- 

5 ory control computer 1280 are provided which input the same subscriber and system data via addressed and 
system data packets 9e and 9h to master uplink 1284. The subscriber authorization computer 1282 and the 
supervisory control computer 1280 are t>oth current products manufactured and sold by Scientific-Atlanta. Sub- 
scriber authorization computer 1282 contains all subscriber or decoder specific data in a targe database. This 
subscriber specific data is then fonrrtatted into addressed data packets 9e for multiplexing with audio and video 

10 in master uplink 1284. Simitariy, subscriber authorizatbn computer 1282 contains system wide infonmatton 
specific to particular programs in a large database and is fonnatted into system data packets 9h for transmis- 
sion. Master uplink 1284 multiplexes the system and addressed data packets with audio and video to produce 
a typical B-MAC signal. This signal may tie received by any subscriber who may use the data packets to decrypt 
the program. The addressed and system data packets 9e and 9h are then transmitted on a channel with the 

15 audio and video to satellite transponder 1205 via satellite uplink 1283. 

The signal is reflected from satellite transponder 1205 to satellite receiver and uplink 1283. The addressed 
and system data packets are received by loop-back uplink 1286 where they are stripped away from the audio 
and video program signals inserted at master uplink 1284. The packets are then multiplexed with different audk> 
and video program signals and retransmitted to satellite transponder 1205. The combined signals are then 

20 bBnsmitted to the individual receiver 1289 via receiver 1283 where they are decrypted. With this system, ad- 
dressed data packets may be received by several loop-back uplink broadcasters who may multiplex these pack- 
ets with their scrambled program signals. They may also take selected portk)ns from the system data packet 
9h, for example, tier information, pay-per-view cost data, etc. In this way, all loop-back uplink broadcasters pref- 
erably send broadcasted B-MAC program signals with data packets to all subscribers. A subscriber may tune 

25 to any channel to receive both the scFamt)led program and data packets to decrypt the program. The system 
wide data which may be combined at loop-back uplink 1286 preferably includes the call-back data described 
in application having serial number entitled DATA RETURN FOR TELEVISION TRANS- 

MISSION SYSTEM, incorporated herein by reference. 

In this system, the need for dedicated lines 1 185 to each broadcaster is obviated since the addressed data 

30 packets may be transmitted from master uplink 1284 to a variety of loop-back uplinks 1286 for the various pro- 
gram distributors (e.g., HBO. Cinemax, etc. ). The addressed and system data packets are in the form depicted 
in FIGS. 9 and 9A respectively, and preferably placed in a B-MAC format Thus, loop-back uplink 1286 must 
decode the B-MAC signals to remove the loop-t>ack fomiatting so as to extract each individual encrypted ad- 
dress data packet 9e to be nnjitiplexed with their particular encrypted program signal. 

35 Additionally, the present inventbn may operate in a full field KOM mode which would be able to rapidly 
address all decoders 706 in the network. In a B-MAC television signal, the addressed data packets are pref- 
erably transmitted during the vertical blanking interval of each frame as discussed in the background of the 
invention. Typically, KOMs and addressed data packets are sent during five lines of the vertical blanking interval 
for each ftekl. This produces roughly 6,000 bytes per second of data. This amount of data may be transmitted 

40 over dedicated lines 1 165 of the prior art However, if a broadcaster wanted to rapidly address all subscribers 
they were limited by the transm^skin capabaities of the dedicated lines 11 85 typically telephone lines by a tele- 
phone company. Under the present invention, roughly 500 kilobytes per second of data may be sent in the full 
field nrKxje. 204 video lines plus the 5 vertical blanking interval lines are avaflable in this mode, per field, for 
transmitting addressed data packets. Consequently, if a broadcaster wanted to rapidly authorize PPV or IPPV 

45 viewing for a recently upcoming program (e.g., a boxing match), the broadcaster may do so with the present 
system. A text saeen may appear on all subscriber's television sets which may indicate wtrat was occurring. 

With this system, an individual subscriber with a satellite receiving dish nrtay receiver program signals and 
data packets from all satellites, regardless of which channel he is tuned, tf he is authorized to decrypt a particular 
program signal, the signal w3l contain his unique address data packet which is routed by processor 870 and 

50 decrypted by the particular security nwdule. 

Digitally Upgrading the Decoder 

Referring to Figure 13. a method of converting the analog decoder box depicted in Figure 7 as 706 and 
55 Figure 8 as 808 from an analog configuration to also accept digital television signals is shown. The original 
analog decode box is depicted as 1306 where Incoming signals are down converted in down converter 1365. 
Preferal^y tnooming signals are in the t band regbn, having frequencies between 0.95 and 1 .45 gigahertz, how- 
ever, any other frequencies may be used. These frequencies are down converted to a fUed frequency more 
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manageable by the decode, preferably to a 612 megahertz intemnediate frequency. The signals are then de- 
modulated in FM demodulator 1366 and transmitted to decoder 1368 through switch 1367. Preferably, the sig- 
nals are in a B-MAC form and therefore decoder 1368 decodes and decrypts the B-MAC signal to its audio, 
NTSC video and channel 3 signals to be input into a standard television receiver. 

5 To upgrade the system to accept digital signals, a "digital side-car" 1390 may be added by using a simple 
four lead connection. Tap 1397 allows the down converted signals to be input into the quadrature phase shift 
key denr>odulator 1 391 of side-car 1 390. Preferably a AO megabytes per second demodulator is used. The de- 
nrKtdulated signals are then input into error correcting and demultiplexer 1392. Block 1392 also provides correct 
timing for the signals in side-car 1390. 

10 Switch 1367 would be placed in a second position to receive digital signals whereby analog signals from 
digital to analog (D/A) converter 1396 are input into decoder card 1368. Tuning microprocessor 1367, coupled 
to decoder 1368 is used to control the physical transponder tuning function. Additionally, tuning microprocessor 
1376 could also control volume, and display data on the front panel of decoder box 1390. Importantly, tuning 
microprocessor 1376 provides tuning information to box 1392 via decoder 1366 to allow demultiplexer 1392 to 

15 select a particular digital subchannel from all incoming signals contained within a particular channel. Specifi- 
cally, the display and connmunication's processor 870 receives unencrypted channel location bits which allow 
it to locate and select a particular transponder number (or channel number) and sutvtrans ponder {or subchannel 
number). This channel map is more fully described in application entitled VIRTUAL CHANNELS FOR A MUL- 
TIPLEXED ANALOG COMPONENT (MAC) TELEVISION SYSTEM, having serial number 

20 , incorporated herein by reference. Additionally, the video decryption seed from the security modules is also 
transmitted to box 1392 to allow the selected subchannel to be decrypted. 

Box 1392 corrects error in the signal using a forward enror correction method (FEC) with checksum or parity 
bits. The signal is demultiplexed with the selected subchannel input to video decompressor 1 393. Typical digital 
video decompression would be discrete cosine transform (OCT) or other digital high compression technique 

25 known by those skilled in the arL 

The decompressed/expanded digital video signals are then decrypted in decryptor 1399. If video signals 
are to be transmitted digitally, digital encryption using a key numt)er rather than the previously described 
scrambling of analog signals using a seed is preferred. Consequently, external and Internal security modules 
1314 and 1319 respectively, of decoder 1368 provide decryption keys to decryptor 1399. Functioning of security 

30 nDodules 1314 and 1319 are identical to that previoi^y described above. 

The decrypted decompressed/expanded digital video signals are then processed for reformation to a B- 
MAC signal using techniques known by those skilled in the art The expanded digital video signals are input 
into YUV store 1395 where the luminance signal Y is stored for each line or frame. Similariy, chrominance sig- 
nals U and V are also stored on a firame basis. Box 1392 also inputs B-MAC data to store control 1394 which 

35 outputs the stored luminance and chrominance stores at correctly timed intervals through D/A converter 1396 
to decoder 1368. Signals coming out of converter 1396 are typical B-MAC signals having video, audio and other 
data. From decoder 1368. the standard analog signals are then input into a television receiver. 

This embodiment allows the digital side-car to decompress and expand the low bit rate signal into a full 
B-MAC video signal. The system data, system and addressed data packets 9e and 9h, t^etext and digital audio 

40 are uncompressed and are passed out to decoder 1368 without decompression In side-car 1390. 

Switch 1376 could be microprocessor controlled so that a 'compression-enable'* bit in the system data or 

address data packet is read and causes switch 1367 to enable the decompression digital side-car 1390 to be 
enabled. Thus, the decoder 1306 with d^ital side-car 1390 may be able to receive and descramble both analog 
and digital video signals. Fuithenmore. tap 1397 is provided in Figure 13 as a loop. This loop could be a single 
45 lead, however, ^e loop provides for additional flexibility of expansion. 

WhDe the present invention has been disclosed with respect to a preferred embodiment and modifications 
thereto, further modifications wSI be apparent to those of ordinary skill in the art within the scope of the daims 
that follow. It is not intended that the invention be limited by the disclosure, but instead that its scope be deter- 
mined entirely by reference to the claims which follow. 

50 

Claims 

1. A security system for transmission of a signal comprising: 
55 encoder means (701 ) for encoding said signal, sard erK»der means (701 ) comprising: 

signal scranrtbling means (703) for scrambling said signal and outputting a scrambled signal and 
key for descramblirtg said scranibled signal, 

first key encryptor means (710) coupled to sakJ signal scrambling nr>eans (703). for selectively per- 
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fonming a fir^ encryption on said key using a first confidential serial numt>er and outputting an encrypted 
key. 

second key encryptor means (71 1) coupled to said scrambling means for selectively performing a 
second encryptbn on said key using a second confrdential serial number and outputting an encrypted key, 
5 and 

decoder means (706) for receiving and descramUing said scrambled signal, said decoder means 
(706) comprising: 

first key decryptor means (719) for performing a first key decryptton on said encrypted key 
using said first confidential serial numt>er if said key was encrypted with said first confidential serial num- 
10 ber, 

a replaceable security module (714). removably attached to sakj decoder means (706) and 
containing a second key decryptor means (718) for performing a second key decryption on said encrypted 
key using a second confidential serial number if said encrypted key was encrypted with saki second con- 
fidential serial numt)er. and 

15 signal descrambling means (708) coupled to said first and second key decryptor means for 

descrambling said scrambled signal using said decrypted key. 

2. The security system of daim 1, wherein said encoder means (701 ) further comprises: 

key memory means (704) coupled to said signal scrambling means (703) for storing said key. 
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3. The security system of daim 1, wherein said encoder means (701 ) further comprises: 

a first confidential serial number database (711) coupled to said first key encryptor means (710). 
containing a list of first confkjentiat serial numbers, and 

a second confidential serial number database (716) coupled to said second key encryptor means 
(711). containing a list of second confdential serial numbers. 

4. A decoder for receiving and descrambling a signal which has been scrambled using a key which has been 
selectively encrypted, said decoder comprising: 

first key decryptor means (718) coupled to said decoder, for performing a first key decryption on 
said encrypted key using a first confidential serial numt>er and outputting a decrypted key if said key was 
encrypted using said first confidential serial number. 

a replaceat>le security module (714), removably attached to said decoder and containing a second 
key decryptor means (7 1 9). for performing a second key decryption on said key using a second confidential 
serial number and outputting a decrypted key if said key was encrypted using sakJ second confidential 
serial numt)er. 

signal descrambling means (708) coupled to saki second key decryptor means for descrambling 
said scrambled signal using said decrypted key. 

5. The decoder of daim 1 or 4, further comprising: 

first and second key memory means (707. 720) coupled to said first and second key decryptor 
means (713. 718). for storing said decrypted key. 

6. The decoder of daim 1 or 4, further comprising: 

first and second confidential serial numt>6r memory means (712. 717) coupled to sak) first and sec- 
ond key decryptor means (713. 718), for storing first and second confidential serial numbers. 

7. The system or decoder of daim 1 or 4. wherein said signal is a television signal. 

8. The decoder of daim 7. wherein said television signal is a B-MAC type television signal. 

9. The decoder of daim 1 or 4 further comprising: 

telephone interface means (875) for transmitting and receiving data to and firom a television pro- 
vider. 

10. The security system of daim 9. wherein subscriber input data is transmitted by the replaceable security 
module (714) via said telephone interface means (875). 

1 1. The replaceable security module (714) of daim 1 or 4. wtterein said first and second memory means furttier 
comprise: 
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security means for allowing the contents of sakJ first and second confidential serial number memory 
means (712, 717) to be read only by said first and second key decryptor means (713, 718). 

12. The decoder of claim 1 or 4, further comprising: 

means for receiving (1306) a plurality of compressed digital signals with a plurality of addresses, 

each address corresponding to a particular digital signal; 

means for selecting (1392) a particular digital signal by identifying the particular address; 
means, coupled to the means for selecting, for decompressing (1393) the digital signal; and 
means for removably coupling (1 397) connected between the means for receiving and the means 

for selecting. 

13. A method of decoding a signal comprising the steps of: 

receiving a scrambled signal and an encrypted key in a decoder (706), 

performing a first decryption of said encrypted key using a first confidential serial number to produce 
a decrypted key signal, if said key was encrypted with said first confidential serial number, 

perfonning a second decryption on said encrypted key in a replaceable security nrodule (714) re- 
movably attached to said decoder using a second confidential serial number to produce a decrypted key, 
if said key was encrypted with said second confidential serial number, and 

descrambting said scrambled signal using said decrypted key to produce a descrambted signal. 

14. The decoder or method of claim 1 , 4 or 1 3, wherein said first confidential serial number is assigned to said 
decoder (706). 

15. The decoder or method of claim 1, 4 or 13, wherein said second confidential serial number is assigned to 
said replaceable security module (714). 

16. The ntethod of daim 1 3, further comprising the steps of: 

providing subscriber information including said encrypted key and said first and second confidential 
serial numbers at a first source; 

providing a plurality of program signals at a plurality of second sources; 
transmitting the sut)scriber infonmation to the second sources; 

combining the subscriber information with the program signals to produce a combined signal; and, 
transmitting the combined signal to said decoder. 

17. An apparatus for converting an analog reception system to accept both analog and digital signals corrv 
prising: 

means for receiving (1306) a plurality of compressed digital s^nals with a plurality of addresses, 
each address corresponding to a particular digital signal; 

means for selecting (1392) a particular digital signal by kientlfytng the particular address; 
means, coupled to the means for selecting, for decompressing (1393) the digital signal; and, 
means for removably coupling (1397) connected between the means for receiving and the means 

for sel wting. 

18. The apparatus of daim 13or 17 further comprising means for decrypting (1399) said television signal coup- 
led to said means for decompressing. 

19. A method of communicating subscriber infomrtation to a broadcasters of program signals in a program en- 
vironment comprises the steps of: 

providing the subscrit)er information at a first source; 

providing the plurality of program signals at a plurality of second sources; 

transmitting the subscriber infomnation to the second sources; 

conrtbinmg ttie subscrit>er information with the program signals to produce a combined signal; and, 
broadcasting the combined signal to at least orte sut>scriber. 

20. A decoder for decoding a key which has been either encrypted by a first confKlentia) serial number, a sec- 
ond confidential serial number, or t>oth, the decoder characterized by: 

means for actively switching (708), in response to a detected signal. t>etween a first key decryptor 
means (719) wShin the decoder and a replaceable security module (714) renrK)vabty attached to ttie de- 
coder so as to effectively decrypt the key. 
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21. A decoder for decoding a key which has been either encrypted by a first conftdential serial number, a sec- 
ond confidential serial number, or both, the decoder characterized by: 

means for actively switching (708), in response to a received signal, between first and second key 
decryptor n^ans (714, 719) so as to effectively decrypt the key. 

5 

22. A composite data packet addressed to a single decoder or group of decoders comprising: 

a first data packet (9a) containing unencrypted data for addressing the individual or group of de- 
coders; 

a second data packet (9c) containing unencrypted data for determining whether at least one of first 
and second key decryptor means (71 4, 719) in the decoder are to be enabled; and, 
a third data packet (9d) containing encrypted data for use by the decoder. 

23. The composite data packet of daim 22 further comprising a fourtti data packet (9b) containing unencrypted 
data for determining the order of decrypting the third data packet by the first and second key decryptor 
means (714, 719) if the third data packet had been twice encrypted. 

24. The composite data packet of daim 22 further comprising: 

a decoder (706) for receiving the composite data packet, the decoder comprising the first and sec- 
ond key decryptor means (714, 719). 

25. A method replacing a replaceable security module (714) into the system of daim 1 without compromising 
the security of the system, wherein the system is currently operating with the key encrypted by the first 
confidential serial number, the method comprising the steps of. 

encrypting a new key with a new first confidential serial number; 

encrypting the new key with the second confidential serial numt>er, thus produdng a twice encrypted 

key; 

transmitting the twice encrypted key to the first key decryptor means (719); 
decrypting the twice encrypted key by the first key deciyplor means (719). thus producing a once 
decrypted key; 

decrypting the once decrypted key by the replaceable security nrK>dule (714); and, 
^ encrypting the key with only the second confkiential ser^l number thereafter. 
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